Is India Geared Up To Handle The Dynamics Of The Cyber Age?

On July 2, the government of India released the National Cyber Security Policy 2013. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, and government and nongovernment entities. The policy aims to serve as an umbrella framework for defining and guiding the actions related to the security of cyberspace. The policy has been much delayed but has now been released amid reports of snooping by the US globally — and ever-increasing threats to India as a country.

The policy defines 14 diverse objectives that provide an overview of the government’s approach to the protection of cyberspace in the country. A few objectives that will have a positive impact on S&R professionals in India caught my attention:

  • The appointment of chief information security officer (CISO). Organizations may or may not have a designated person responsible for cybersecurity initiatives today. With the release of National Cyber Security Policy 2013, organizations will be mandated to appoint a person in a senior management role as CISO.
  • A strong security workforce. The government plans to create a strong workforce of 500,000 security professionals in the next five years through skill development and training programs. This will mean more opportunities to enhance skills and more job opportunities for S&R professionals.
  • Fiscal benefits. The government will provide fiscal benefits to businesses adopting standard security practices. This objective will attract the senior management within organizations. They will be more supportive to the security department and its initiatives.
  • An enforced security budget. The policy mandates all organizations to earmark a specific budget each year for security initiatives. This will come as a relief to S&R professionals, who tend to struggle with ever-tightening security budgets.

The formulation of such a policy is a commendable first step initiated by the government of India. However, the policy fails to match up with its international counterparts on several parameters, such as:

  • Improved international cooperation. International co-operation and the need for better alliances and partnerships with like-minded countries or allies, including facilitating capacity building of less developed countries are shared as key objectives by most strategies.
  • Respect for fundamental values. All strategies place a strong emphasis on the need for cybersecurity policy to respect fundamental values, which generally include privacy, freedom of speech, and the free flow of information.

India is likely to face many more cybersecurity challenges over the coming decades as the mobile Internet begins to pervade a greater proportion of the population. These policy developments will likely be one of many improvements and refinements to be made which will directly impact S&R professionals. It’s these effects that I intend to research over the coming year.

What are the specific challenges you think India will face? What do you feel you will need to know more about to become more effective in the S&R role in India? Let me know your thoughts and we’ll develop our research efforts around what is likely to be most useful to you.


Interesting article

Interesting article

Thanks !!! for recommending

Thanks !!! for recommending the article

Its high time Organisations &

Its high time Organisations & Policymakers invest in Cyber Security. While some of the policies may just end up being lip-service - given our countries extremely bureaucratic systems, fiscal benefits & training would definitely help change the scenario. What is required is a proactive rather than reactive approach and a change in mindset, especially in the C-suite.

Thanks Surbhi on your

Thanks Surbhi on your comments. I completely agree with you that change in mindset is a must in the C-suite. That will encourage the security culture within the organization. The government must have a concrete implementation plan for such policies.

Legalized Information Sharing

It would be nice to know what frameworks are in place for legalized information sharing, data collection and storage policies.

Does it provide a way through the cyber-security shield to support all this?

As you correctly say the threats are going to increase in the near future as the 'mobile internet platform' concept explodes across India. It will be interesting to review what is the current utilization/collection rate of online user data by Indian websites and what the trends say about the future.

Thanks Azahar for your

Thanks Azahar for your comments. The National Cyber Security Policy is set of high level statements and objectives. The implementation plan on how, who, where is still not spelled out . There is a lot of ambiguity like IT Amendment Act 2008. To my surprise IT Amendment Act 2008 is not mentioned in Cyber Security Policy.

Its good to know that a

Its good to know that a policy now exist. We have to wait and see how are policies getting implemented. Strong federal regulations are required to implement such policies.

Thanks Amrut for your

Thanks Amrut for your comments. I completely agree with you. The real challenge is the implementation of such policies. We have to wait and watch for government implementation plan.


Interesting and informative..

full movie downloads